Privacy Policy

About Us and this Policy 

This Privacy Policy is provided by Innovent Leasing Limited (“Innovent” or “we” or “us”) and explains how we comply with the UK GDPR and the Data Protection Act 2018 (“Data Protection Law”). This Privacy Policy applies to Customers entering into a contract for a loan with us and their personal guarantors (where applicable) or anyone who is interested in applying for a loan. It also sets out our use of your information if you are purchasing on behalf of your employer. 

Innovent Leasing Limited is established in the UK with company registration number 7888024. We are authorised and regulated by the Financial Conduct Authority. We are a credit broker and not a lender and offer credit facilities from a panel of lenders. FCA number 794868. Our registered office is First Floor, 65 Carter Lane, London, EC4V 5DY. 

How to contact us 

If you need to contact us about this Privacy Policy, use the details below: 

  • > Data Protection Officer: Adrian Saint 
  • > Address: First Floor, 65 Carter Lane, London, EC4V 5DY 
  • > Telephone number: 020 7123 4570 
  • > Email: 

If you would like this Privacy Policy in another format (for example: audio, large print, braille), please contact us. 


Your personal data is important to both you and us and it requires respectful and careful protection. This privacy policy informs you of our privacy practices and of the choices you can make about the way we hold information about you. This notice explains what data we process, why, how it is legal and your rights. 

We process your personal information for the following reasons:  

  • > to administer and manage our contract with you or your employer; 
  • > for credit reference and other background checking purposes;  
  • > for monitoring and recording telephone calls for the purposes of security and training; and 
  • > sending out marketing and information about our loans where you request it.  

This is our privacy policy so please be aware that should you follow a link to another website, you are no longer covered by this policy. It’s a good idea to understand the privacy policy of any website before sharing personal information with it. 

Changes to this Privacy Policy 

The Privacy Policy will be provided to you when you apply for a loan with us and the latest version can always be found at  information. Please contact the Data Protection Officer for a copy. 

We may change this Privacy Policy from time to time. We will alert you by posting a notice on our website when changes are made. Current version: v4 October 2022 

Useful words and phrases 

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in Data Protection Law and are used throughout this Privacy Policy: 

Term Definition 

Controller – This means any person who determines the purposes for which, and the manner in which, any personal data is processed. 

Criminal Offence Data – This means any information relating to criminal convictions and offences committed or allegedly committed. 

Data Subject – The person to whom the personal data relates. 

ICO – This means the UK Information Commissioner’s Office which is responsible for implementing, overseeing and enforcing Data Protection Law. 

Personal Data – This means any information from which a natural living individual can be identified. This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future. These are called identifiers. 

Processing – This covers virtually anything anyone can do with personal data, including: 

  • > obtaining, recording, retrieving, consulting or holding it; 
  • > organising, adapting or altering it; 
  • > disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it. 

Processor – This means any person who processes the personal data on behalf of a data controller. They do not make any decisions only carry out the data controller’s instructions. 

Special Category Data – This means any information relating to: 

  • > racial or ethnic origin; 
  • > political opinions; 
  • > religious beliefs or beliefs of a similar nature; 
  • > trade union membership; 
  • > physical or mental health or condition; 
  • > sexual life; 
  • > or genetic data or biometric data for the purpose of uniquely identifying you. 

We do not process any special categories of data about any individuals. 

What personal data do we collect? 

Information provided by you – For individuals applying for contracts with us, we collect the following information from you: 

  • > Name, address, telephone numbers, bank account details; 
  • > Details relating to financing including the amount of finance required, monthly repayments amounts; and 
  • > Driving Licence details and other confirmation of name/address. 

For those nominated as guarantors for individuals applying for contracts with us, we collect the following information from you: 

  • > Name, address, telephone numbers; and 
  • > Confirmation if they are a home owner. 

For those entering into contracts with us on behalf of their employer, we collect the following information from you: 

  • > Name, address, telephone numbers, email address. 

For those enquiring about loans, we collect the following information from you: 

  • > Name, address, telephone number, email address. 

Personal information provided by third parties: 

Introducers and other originators – If we contract with you through an introducer or other originator we will get certain personal data such as your name, contact details and amount of finance required from that introducer or originator. This may also include credit check results about you and your guarantor. 

Personal information about other individuals – If you provide us with information about other individuals (e.g. your personal guarantor), you confirm that you have informed the relevant individuals accordingly. This Privacy Policy details how we will process their personal data. 

We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion. 

We regularly complete Legitimate Interest Assessments to ensure that our marketing activities are considered, appropriate and are in accordance with all relevant legislation. 

Why do we process your personal data? 

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal grounds (please see section ‘How is processing your data lawful’ for further explanation of what the legal grounds noted below). 


We gather your data to send newsletters and emails to you about our products. For example, you may sign up to receive our newsletters or further information about our loans at trade shows. You can opt-out of receiving marketing from us by clicking ‘unsubscribe’ at the bottom of our emails at any time. 

Legitimate Interests 

Know Your Client / Anti-Money Laundering Checks (for individual customers and guarantors only) 

We have a legal requirement to make sure that money originates from a legal source and that you are who you say you are. We take your driving licence details or other confirmation of your name and address for ID purposes. 

Legal obligation 
Administering your application. We need certain information such as your name and contact details so that we can contact you. 

Administering our contract with you. We need certain information such as your name and contact details so that we can contact you, respond to queries you may have, ensure payments operate smoothly and otherwise administer and manage your contract with us. 

We process information about personal guarantors to make sure they have the financial capacity to guarantee your loan. We need the name and contact details to verify the identity of the guarantor. 

How is processing your personal data lawful? 

Personal data 
We are allowed to process your personal data for the following reasons and on the following legal bases: 

Legitimate Interests 
We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Innovent Leasing Limited. This could be us answering a query, providing a quotation or information about our products and services. 

To do so, we have considered the impact on your interests and rights and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. 

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how. 

Contractual Obligation 
It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide certain personal data to us, we will not be able to carry out our obligations under the terms of your contract. 

Legal obligation 
We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements. 

Who will have access to your personal data? 

Below we list some of our key service providers that act as our processors who will have access to your personal data.  

Data processors 
We use third-party suppliers who we may transfer your data to in relation to providing business services. This will include accounting services, accounting software packages, IT equipment suppliers who also may install and deliver directly to our customer and marketing consultants. 

Zoho provides our Customer Relationship Management System. 

We share your details with one of the below wholesale funding banks so that the bank can run credit checks, fraud prevention and other ID checks on you: 

  • > Investec Asset Finance Limited 
  • > Cf Corporate Finance Limited 
  • > Close Asset Finance Limited  
  • > Aldermore Bank plc 
  • > Paragon Bank Asset Finance Limited 
  • > Société Générale Equipment Finance Limited 
  • > PEAC Solutions Limited

A failure to provide information for credit checks, fraud prevention and other ID checks will prevent us from carrying out those checks, as detailed above. Without these checks, we will not be able enter into a contract with you.  

We may share your details with credit reference agencies, debt collection agents and any proposed assignee, transferee or chargee, any purchaser of all or part of our business, insurers or advisers or as may otherwise be required under any law or regulation. 

We will also share your personal data with the police, other law enforcements or regulators where we are required by law to do so. 

Where the organisations with which we share your personal data use that personal data as a controller under Data Protection Laws, you should review their Privacy Policies to find out how they process your personal data. If you have any queries or complaints about how they process your personal data by them, please contact them separately using the contact information provided on their website.  

Transfers of your personal data outside the EEA 
We will not transfer your data outside the EEU. 

Any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you want to know more about how data is transferred, please contact us using the details in the section above. 

How we keep your personal data secure 

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities and all of our email and data storage devices are encrypted and password protected with access limited to essential personnel only. 

We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to. 

Please note that we do not require your consent to share this information if we suspect criminal or unlawful activity, in these circumstances we will only contact the relevant organisations. 

When will we delete your data? 

The following categories of personal data will be kept for the following periods. 

Personal Data Retention period 

  • > Name, contact details are kept for 6 years beyond the termination of our contract with you; 
  • > Driving licence and identification documentation are kept until your identity is confirmed/ acknowledged by the bank 
  • > Amount of finance required and monthly repayments information are kept for 6 years beyond the termination of our contract with you; and  
  • > Guarantor’s name, contact details and financial information are kept for 6 years beyond the termination of our contract with you. 

This will all be in accordance with our Data Retention Policy which is available on request. 

Your rights 

As a data subject, you have the following rights under Data Protection Law: 

  • > the right to object to processing of your personal data; 
  • > the right of access to personal data relating to you (known as data subject access request);  
  • > the right to correct any mistakes in your information; 
  • > the right to prevent your personal data being processed; 
  • > the right to have your personal data ported to another controller; 
  • > the right to withdraw your consent (including for direct marketing); and 
  • > the right to erasure. 

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us”). We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. 

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with Data Protection Law. 

Right to object to processing of your personal data 
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. 

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful”. 

Right to access personal data relating to you 

Under Data Protection Law, you have the right to request a copy of the personal information Innovent Leasing Limited hold about you and to have any inaccuracies corrected or information deleted.  

Right to correct any mistakes in your information 
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with. 

Right to restrict processing of personal data 
You may request that we stop processing your personal data if: 

  • > you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate; 
  • > the processing is unlawful but you do not want us to erase your data;  
  • > we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; 
  • > or you have objected to processing because you believe that your interests should override our legitimate interests. 

Right to data portability 
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party, we will ask you to verify their identity and confirm your consent to release this information to them. 

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. You will not be recognisable as a natural living person from this anonymised data. 

Right to withdraw consent 
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data. 

Right to erasure 
You can ask us to erase your personal data where: 

  • > you do not believe that we need your data in order to process it for the purposes set out in this Privacy Policy; 
  • > if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data; 
  • > you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; 
  • > or your data has been processed unlawfully or have not been erased when it should have been. 

Complaints to the regulator 
It is important that you ensure you have read this Privacy Policy – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. We would like to do our best to help you, please contact us at: 

You may also complain to the ICO. Information about how to do this is available at: 

Policy Updated – 31/10/2022